Encrypting the DB Connection String in the Web.config file

Recommended Posts

Whilst it's not entirely necessary to encrypt the database connection strings within the web.config file, it is recommended so the SQL Account credentials used to access the Passwordstate database is encrypted and unreadable from anyone who can read the file system on your web server.

To encrypt the database connections string, please follow these instructions:

Encrypt Connection String

Open a command prompt and change to the v4.0.30319 .Net Framework folder (normally found under C:\Windows\Microsoft.NET\Framework\v4.0.30319)

Type the following:
aspnet_regiis.exe -pef "connectionStrings" "c:\inetpub\passwordstate" (change the path if you've installed Passwordstate to a different location)

Decrypt Connection String

Open a command prompt and change to the v4.0.30319 .Net Framework folder folder (normally found under C:\Windows\Microsoft.NET\Framework\v4.0.30319)

Type the following:
aspnet_regiis.exe -pdf "connectionStrings" "c:\inetpub\passwordstate" (change the path if you've installed Passwordstate to a different location)

Regards

Click Studios

Share this post

Link to post

Share on other sites

Just a note, if you are running the PasswordState service under a different account, you have to explicitly give it permissions to read the encryption keys, if you encrypt the database connection string, by using this command: